Enhanced Security Measures in Place: To ensure a safer experience, we’ve implemented additional, temporary security measures for all users.
02-27-2021 10:25 PM
Hi,
When I connect global protect Gateway. Once is connected I received this notification.
I have check the internet connectivity it's working fine.
Can you please let me know how to avoid this notification
02-28-2021 02:18 AM
Someone else had this issue (on ios) and was resolved by a client update. It may be worth a look...
https://live.paloaltonetworks.com/t5/general-topics/globalprotect-ipad-vpn-app/td-p/381955
02-28-2021 02:23 AM - edited 02-28-2021 02:55 AM
My next step would be to check GP logs, pangps may help...
you can prevent popups in reg but probably best to find what causes the message.
show-system-tray-notifications yes | no
02-28-2021 03:41 AM
Sorry for the confusion, that was not a command, that was a registry setting in hkey\local machine to block GP popups if you wanted to...
02-28-2021 04:09 AM
Dear @Mick_Ball
Thanks for your reply
As we have big environment around 400 to 500 users. we are not able to do in each and every system.
is there is any other solution ?Please advise
02-28-2021 05:13 AM
I have no idea as i have never had this message and we have over 6k userbase.
does this happen for all users, do you have only 1 gateway... have you checked the GP logs on the device with the popup and go through the pangps file.
02-28-2021 05:27 AM
Hello,
This message means you have connected via SSL instead of IPsec, which is typically slower.
Check that you have a rule allowing the application ipsec-esp-udp and ensure that the client side / nothing else is blocking access to the gateway on UDP/4501
Check the traffic logs on the gateway for port 4501 to see if this is being denied on the firewall side (if you log everything anyway).
- DM
02-28-2021 11:44 PM
Dear @Mick_Ball @dmifsud
Please find the Global protect Logs
(P5096-T20276)Debug( 25): 03/01/21 09:09:19:601 create thread 0x774 with thread ID 2636
(P5096-T20276)Debug(2325): 03/01/21 09:09:19:601 Start FlushDNSCache thread 0x774
(P5096-T20276)Debug( 575): 03/01/21 09:09:19:601 Save route table snapshot...
(P5096-T20276)Debug( 780): 03/01/21 09:09:19:601 sslvpn connect() succeed
(P5096-T20276)Debug( 782): 03/01/21 09:09:19:601 Send notification of The network connection is unreliable and GlobalProtect reconnected using an alternate method. You may experience slowness when accessing the internet or business applications..
(P5096-T20276)Debug(1730): 03/01/21 09:09:19:603 Send response to client for request gateway-failed
(P5096-T20276)Debug(10891): 03/01/21 09:09:19:603 VPN tunnel is connected.
(P5096-T20276)Debug(10895): 03/01/21 09:09:19:603 Enable life time and create life time thread.
(P5096-T20276)Debug( 25): 03/01/21 09:09:19:603 create thread 0x7bc with thread ID 3624
(P5096-T20276)Debug(6849): 03/01/21 09:09:19:603 --Set state to Connected
(P5096-T3624)Debug(4317): 03/01/21 09:09:19:603 LifeTimeThread starts
(P5096-T20276)Debug(1142): 03/01/21 09:09:19:604 Display hip report V4 on the UI
(P5096-T20276)Debug(11159): 03/01/21 09:09:19:604 SetVpnStatus called with new status=1, Previous Status=0
(P5096-T20276)Debug(4161): 03/01/21 09:09:19:604 UpdatePrelogonStateForSSO() - User-logon tunnel state = Connected
(P5096-T20276)Debug(2660): 03/01/21 09:09:19:607 Tunnel is created with the gateway deltacrp.dyndns.org
(P5096-T20276)Debug(1605): 03/01/21 09:09:19:607 Refresh proxy
03-01-2021 01:14 AM
@dmifsud Do you know what version of PAN gives this message out?
@Joshan_Lakhani What version of PAN OS are you currently running.
I often see "switched to SSL" in user logs but still no popup for them.
03-01-2021 01:16 AM
As i troubleshoot further i found that all the user are connect via ssl VPN but we have configure the IPSEC vpn.
Global protect Version is 5.2.5
03-01-2021 01:24 AM
yes but IPSec is failing at some point.. this is what @dmifsud was telling you.
GlobalProtect will revert to SSL if IPSec fails.
(P4912-T7656)Info ( 221): 02/21/21 13:54:18:427 failed to receive keep alive
@Joshan_Lakhani could you confirm software version running on firewall.
03-01-2021 01:31 AM
could you tell me the software version of the firewall]
Click Accept as Solution to acknowledge that the answer to your question has been provided.
The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!
These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!
The LIVEcommunity thanks you for your participation!
